
<html><HEAD>
<LINK REL=STYLESHEET HREF="default.css" TYPE="text/css">
<TITLE>
Using Open Client security services</TITLE>
</HEAD>
<BODY>

<!-- Header -->
<p class="ancestor" align="right"><A HREF="connpbp39.htm">Previous</A>&nbsp;&nbsp;<A HREF="connpbp41.htm" >Next</A>
<!-- End Header -->
<A NAME="CCJCFJBD"></A><h1>Using Open Client security services</h1>
<A NAME="TI760"></A><p>The Adaptive Server interfaces provide several DBParm parameters
that support Open Client 11.1.x or later network-based security
services in your application. If you are using the required database,
security, and PowerBuilder software, you can build applications that
take advantage of Open Client security services.</p>
<A NAME="TI761"></A><h2>What are Open Client security services?</h2>
<A NAME="TI762"></A><p>Open Client 11.1.x or later <strong>security services</strong> allow
you to use a supported third-party security mechanism (such as CyberSafe
Kerberos) to provide login authentication and per-packet security
for your application. Login authentication establishes a secure
connection, and per-packet security protects the data you transmit
across the network.</p>
<A NAME="CCJCGHGC"></A><h2>Requirements for using Open Client security services</h2>
<A NAME="TI763"></A><p>For you to use Open Client security services in your application, <i>all
of the following must be true</i>:<A NAME="TI764"></A>
<ul>
<li class=fi>You are accessing an Adaptive Server database server
using Open Client Client-Library (CT-Lib) 11.1.x or later software.</li>
<li class=ds>You have the required network security mechanism
and driver.<br>
You have the required Sybase-supported network security mechanism
and Sybase-supplied security driver properly installed and configured
for your environment. Depending on your operating system platform,
examples of supported security mechanisms include: Distributed Computing Environment
(DCE) security servers and clients, CyberSafe Kerberos, and Windows
NT LAN Manager Security Services Provider Interface (SSPI).<br><br>
For information about the third-party security
mechanisms and operating system platforms that Sybase has tested
with Open Client security services, see the Open Client documentation.<br></li>
<li class=ds>You can access the secure server outside PowerBuilder.<br>
You must be able to access a secure Adaptive Server server
using Open Client 11.1.x or later software from outside PowerBuilder.<br><br>
To verify the connection, use a tool such as <ACRONYM title = "I sequel" >ISQL</ACRONYM> or <ACRONYM title = "sequel" >SQL</ACRONYM> Advantage
to make sure you can connect to the server and log in to the database
with the same connection parameters and security options you plan
to use in your PowerBuilder application.<br></li>
<li class=ds>You are using aPowerBuilder database interface.<br>
You are using the ASE or SYC Adaptive Server interface to
access the database.<br></li>
<li class=ds>The Release DBParm parameter is set to the appropriate
value for your database.<br>
You have set the Release DBParm parameter to 11or higher
to specify that your application should use the appropriate version
of the Open Client CT-Lib software.<br><br>
For instructions, see Release in the online
Help.<br></li>
<li class=ds>Your security mechanism and driver support the requested
service.<br>
The security mechanism and driver you are using must support
the service requested by the DBParm parameter.<br>
</li>
</ul>
</p>
<A NAME="TI765"></A><h2>Security services DBParm parameters</h2>
<A NAME="TI766"></A><p>If you have met the requirements described in <A HREF="connpbp40.htm#CCJCGHGC">"Requirements for using Open
Client security services"</A>, you can set
the security services DBParm parameters in the Database Profile
Setup dialog box for your connection or in a PowerBuilder application
script.</p>
<A NAME="TI767"></A><p>There are two types of DBParm parameters that you can
set to support Open Client security services: login authentication
and per-packet security.</p>
<A NAME="TI768"></A><h4>Login authentication DBParms</h4>
<A NAME="TI769"></A><p>The following login authentication DBParm parameters correspond
to Open Client 11.1.x or later connection properties that allow
an application to establish a secure connection.<A NAME="TI770"></A>
<ul>
<li class=fi>Sec_Channel_Bind</li>
<li class=ds>Sec_Cred_Timeout</li>
<li class=ds>Sec_Delegation</li>
<li class=ds>Sec_Keytab_File</li>
<li class=ds>Sec_Mechanism</li>
<li class=ds>Sec_Mutual_Auth</li>
<li class=ds>Sec_Network_Auth</li>
<li class=ds>Sec_Server_Principal</li>
<li class=ds>Sec_Sess_Timeout
</li>
</ul>
</p>
<A NAME="TI771"></A><p>For instructions on setting these DBParm parameters,
see their descriptions in the online Help. </p>
<A NAME="TI772"></A><h4>Per-packet security DBParms</h4>
<A NAME="TI773"></A><p>The following per-packet security DBParm parameters correspond
to Open Client 11.1.x or later connection properties that protect
each packet of data transmitted across a network. Using per-packet
security services might create extra overhead for communications
between the client and server.<A NAME="TI774"></A>
<ul>
<li class=fi>Sec_Confidential</li>
<li class=ds>Sec_Data_Integrity</li>
<li class=ds>Sec_Data_Origin</li>
<li class=ds>Sec_Replay_Detection</li>
<li class=ds>Sec_Seq_Detection
</li>
</ul>
</p>
<A NAME="TI775"></A><p>For instructions on setting these DBParm parameters,
see their descriptions in the online Help. </p>

